sysadmin/bin/wg-addpeer

#!/bin/bash
set -euo pipefail

# hardcoded constants
wg_domain="wg.alemor.org"
wg_dev="wg0"

# check for arguments
if [[ $# -lt 1 || $# -gt 1 ]]; then
   echo "Usage: $(basename $0) ssh_destination"
   exit 1
fi
dest="$1"

# script expects ssh-persist to be either in the same directory, or in the path
cd $(dirname $0)
. ssh-persist.sh $dest

# gather host info
host_name=$(hostname)
host_fqdn=$(hostname --fqdn)
host_wgip=$(ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
host_port=$(sudo wg show $wg_dev listen-port)
host_key=$(sudo wg show $wg_dev public-key)

# gather dest info
sudo -v -p '[sudo] password for %u@%h'
dest_name=$(sshp hostname)
dest_fqdn=$(sshp hostname --fqdn)
dest_wgip=$(sshp ip -4 addr show $wg_dev | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
dest_port=$(sshp sudo wg show $wg_dev listen-port)
dest_key=$(sshp sudo wg show $wg_dev public-key)

# add peer on host
echo "Configuring peer on local host ..."
sudo wg set $wg_dev peer "${dest_key}" endpoint $dest_fqdn:$dest_port allowed-ips $dest_wgip/32
echo "Configuring peer hostname on local host ..."
search="^[0-9.]+\s+$dest_name.$wg_domain"
replace="$dest_wgip\t$dest_name.$wg_domain"
(grep -qE "$search" /etc/hosts && sudo sed -E "s/$search/$replace/" /etc/hosts || echo -e "$replace" | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null

# add peer on dest
echo "Configuring peer on remote host ..."
sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32
echo "Configuring peer hostname on remote host ..."
search="^[0-9.]+\s+$host_name.$wg_domain"
replace="$host_wgip\t$host_name.$wg_domain"
sshp "(grep -qE '$search' /etc/hosts && sudo sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"